CVE-2018-18605

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.31

Description The issue is related to a heap-based buffer over-read in the sec merge hash lookup function, located in merge.c, which is part of the Binary File Descriptor (BFD) library. This occurs when the section size is not a multiple of the entry size, leading to incorrect memory access. Exploitation of this issue can cause a denial of service. A specially crafted ELF file can be used by remote attackers to trigger this issue.

Recommendations For GNU Binutils version 2.31, consider updating to a newer version that includes a fix for this issue. As a temporary workaround, restrict the use of the sec merge hash lookup function in merge.c to minimize the risk of exploitation. Avoid processing specially crafted ELF files until the issue is resolved.